Artur Rot - Profile on Academia.edu (original) (raw)

Head of Department of Information Systems at Wroclaw University of Economics, researcher, academic lecturer.
Dr. Artur Rot is an Assistant Professor at Wroclaw University of Economics, Head of Information Systems Department. Academic lecturer, researcher, industry consultant and author. Rector’s Attorney in WASK Network Users Board (2016- now). Dr. Artur Rot was board member of the Scientific Society of Business Informatics - NTIE (2007-2015), member of IAENG (International Association of Engineers).

He is author of over 90 publications. His research interests are grounded in the realities of the IT industry. His areas of past and current interest cover: information systems security management, IT risk management, IT Governance.

He serves in Programm Committees of following conferences: International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE), International Conference on Enterprises Information Systems (ICEIS), Federated Conference on Computer Science and Information Systems (FedCSIS), Emerging Aspects in Information Security (EAIS) and many others.

Visiting scholars:
- State University of New York at Albany (SUNY), USA (2012)
- University at Albany, NY, USA (2012),
- Polytechnic Institute of Setúbal, Portugal (2011),
- Technical University of Lisbon, Portugal (2011),
- Katholieke Universiteit Leuven, Belgium (2007),
- Northwestern University, USA (2014),
- University of St. Gallen, Switzerland (2014).

Reviewer of articles on many international conferences.

Courses taught: Information Systems Security, Computer Networks and Security, Information Technologies, Computer Science in Management, Fundamentals of Information Systems, Management Information Systems, System Analysis & Design, etc.

less

Related Authors

Imed Fray

West Pomeranian University of Technology, Szczecin

Uploads

Papers by Artur Rot

— IT risk management currently plays more and more important role in almost all aspects of contem... more — IT risk management currently plays more and more important role in almost all aspects of contemporary organizations ’ functionality. It requires reliable and cyclical realization of its key task which is risk analysis. Literature of subject presents problems of risk analysis in different way, the most often skipped or selectively treated the problem of quantitative methods application for the purpose of risk analysis. The article presents the issue of one of the most significant stages of risk analysis which is IT risk assessment, especially focusing on chosen quantitative methods such as ALE (Annual Loss Expected) method, Courtney method, Fisher’s method, using survey research ISRAM model (Information Security Risk Analysis Method) and other derived ratios. There were also shortly presented chosen qualitative methods – FMEA (Failure Mode and Effects Analysis) and FMECA (Failure Mode and Effects Criticality Analysis), NIST SP 800-30 method and CRAMM methodology. Index Terms — IT r...

Proceedings of the 21st International Conference on Enterprise Information Systems, 2019

The purpose of this paper is to propose a proprietary methodology and model to generate a "cybers... more The purpose of this paper is to propose a proprietary methodology and model to generate a "cybersecurity transformation workplan" for large organizations that can improve their cybersecurity posture. The key input is based on risk-based assessment or maturity-based questionnaires depending on existing governance processes and available information. The original scoring can be then used to prioritize a portfolio of all possible initiatives by selecting the ones that are missing from typical foundation elements or would have high potential impact in relation to required investment and effort. Additional constraints such as budget limitation and FTE availability, logical sequencing and time requirements could be added to ensure effective use of company resources and actionability of the recommendations. The Gantt-like output would ease the burden on the security teams by providing an individualized set of activities to be implemented to improve risk posture.

Annals of Computer Science and Information Systems, 2018

Along with the increasing globalization and development of information and communication technolo... more Along with the increasing globalization and development of information and communication technology, business models are changing, and thus the need for innovative knowledge management is growing. Current knowledge management systems very often are not used optimally/effectively for decision-making because of the lack of real-time data. This article draws attention to the current trend in the area of organization management and IT management related to the emergence and growing popularity of the Internet of Things. The authors try to assess the potential of IoT in the context of improving knowledge processes (locating, acquiring, using, sharing and disseminating as well as preserving / coding / archiving / collecting), especially acquiring and sharing data and determining IoT impact on knowledge management and learning of the organization. The possible positive effects of implementing IoT in enterprises of various types, as well as threats and challenges that must be met by organizations that care about increasing their competitive position using IoT will be presented.

Communication Papers of the 2018 Federated Conference on Computer Science and Information Systems, 2018

attraction of investments into the electric power industry is complicated by a number of problems... more attraction of investments into the electric power industry is complicated by a number of problems related to the long payback period and instability of the conditions on the market. Investors in the electric power industry must invest huge sums of money and hope for maintaining high demand and prices in the future in order to get a payback from the project. Decentralized investment distributes risks and allows you to raise a sufficient profit. In the paper Authors will consider the possibility of using distributed register systems to involve potential energy consumers in investing in the construction of generating facilities with a certain amount of energy at a reduced price in the future. In addition, the blockchain system allows to solve problems of the electric power market: simplify and make more flexible maintenance of transactions, automate trade settlements, reduce the risks of non-fulfillment of obligations. In turn, the improved interaction environment of market participants will make the market more stable, which will increase the investment attractiveness of the industry.

Wybrane determinanty rozwoju rynku rynku informatycznego w Polsce

Towards Industry 4.0: Functional and Technological Basis for ERP 4.0 Systems

Towards Industry 4.0 — Current Challenges in Information Systems, 2020

In the Industry 4.0 conception, due to the development of new information technologies and their ... more In the Industry 4.0 conception, due to the development of new information technologies and their implementation in management systems, there are developed systems with extended functionalities, new functional features and new technologies such as, for example, the Internet of Things, fog computing, big data, big management. These are ERP 4.0 systems. They increase the scope of automation and even robotize information processes, they are also able to transform information into knowledge, which increases the efficiency of decision-making processes and thus increases the efficiency of enterprises and organizations. The main aim of the chapter is to identify and discuss the features in the newly emerging ERP 4.0 system and also to analyze and classify the main contributions published on the topic of ERP 4.0 in management literature, seeking to give it a unique definition, discover the gaps still remaining in literature and outline future avenues of research in this domain. The main contribution of the chapter is developing the guidelines for structural and technological development of ERP-class systems, with particular emphasis on technological solutions of the ERP 4.0 system, such as cognitive technologies, big data, the Internet of Things, cloud computing and fog computing. The Authors attempts also to formulate a unique definition and features of the ERP system and outline future research directions in this area.

Proceedings of the 4th International Conference on Information and Communication Technologies for Ageing Well and e-Health, 2018

One of the key challenges for the next several years is to face, especially in highly developed c... more One of the key challenges for the next several years is to face, especially in highly developed countries, the problem of aging and its impact on the general quality of citizens' life. Due to this trend, the Authors have presented a concept of ICT platform aimed at increasing the activity of people at retirement age. It is dedicated to members of local communities, can be used to support entrepreneurship, self-fulfilment and activation in the field of independent social life. During the realization of the project, the Authors have noticed the different business requirements of senior citizens. They were described in the article together with respective technological innovations which were implemented in the ActGo-Gate platform as an answer to these challenges and requirements.

Position Papers of the 2017 Federated Conference on Computer Science and Information Systems, 2017

According to Kaspersky Lab research, APT -Advanced Persistent Threatsare one of the biggest threa... more According to Kaspersky Lab research, APT -Advanced Persistent Threatsare one of the biggest threats in IT as of 2016. Organised groups, keeping contact in various languages, have attacked the IT systems of financial institutions, government, military and diplomatic agencies, telecom and power supply companies, politicians and activists, and private companies, and these attacks were global in scope. APT should be seen as a complex phenomenon, an existing danger to companies, organisations and public entities. This article showcases the problem of APT, the biggest threats related to them, and chosen methods and tools that can be effectively used to counter APT attacks. An effective, multilayered defence model is outlined in the article as well.

Communication Papers of the 2018 Federated Conference on Computer Science and Information Systems, 2018

The problem of implementing modern technologies into the electric power industry is quite relevan... more The problem of implementing modern technologies into the electric power industry is quite relevant in the world. The article considers the models of decentralized platforms providing services for energy distribution and trade, their main advantages and disadvantages. The basic principles of tokenization were developed, which allow optimizing of the energy systems and concentration of the crowd funding process for the construction of new generation facilities.

Applied Sciences, 2021

This paper discusses the problem of retailers’ profit maximization regarding displaying products ... more This paper discusses the problem of retailers’ profit maximization regarding displaying products on the planogram shelves, which may have different dimensions in each store but allocate the same product sets. We develop a mathematical model and a genetic algorithm for solving the shelf space allocation problem with the criteria of retailers’ profit maximization. The implemented program executes in a reasonable time. The quality of the genetic algorithm has been evaluated using the CPLEX solver. We determine four groups of constraints for the products that should be allocated on a shelf: shelf constraints, shelf type constraints, product constraints, and virtual segment constraints. The validity of the developed genetic algorithm has been checked on 25 retailing test cases. Computational results prove that the proposed approach allows for obtaining efficient results in short running time, and the developed complex shelf space allocation model, which considers multiple attributes of a...

Software Quality Improvement by Application of a Component-Based Software Meta-Architecture

Designing software is a complex process which requires a lot of knowledge and experience. Every s... more Designing software is a complex process which requires a lot of knowledge and experience. Every software has a high-level architecture which can be represented as a set of taken design decisions. Software meta-architectures, architectural styles, and reference models are commonly used tools which help to shape the software architectures by delivering sets of already taken, and validated design decisions. The STCBMER is a component-based software meta-architecture founded on a set of simple pieces of architectural knowledge, called architectural principles. The authors of this publication have defined the STCBMER and its principles in previous works. The main aim and the contribution of this paper is to look for a correlation between a component-based software meta-architecture (STCBMER) and software quality attributes.

Bezpieczeństwo Internetu rzeczy. Wybrane zagrożenia i sposoby zabezpieczeń na przykładzie systemów produkcyjnych

Streszczenie: W opinii wielu ekspertów oraz firm analitycznych zagadnienia takie jak cyfryzacja, ... more Streszczenie: W opinii wielu ekspertów oraz firm analitycznych zagadnienia takie jak cyfryzacja, bezpieczeństwo IT oraz Internet rzeczy to zjawiska, które wyznaczały kierunek rozwoju poszczególnym branżom gospodarki w minionym roku i będą szczególnie istotne w przyszłości. Wśród nich znajduje się Internet rzeczy, wobec którego oczekuje się, że znajdzie wiele zastosowań w różnych dziedzinach, m.in. w energetyce, transporcie, przemyśle, opiece zdrowotnej. Jego zastosowania usprawniają nasze życie, ale stwarzają też nowe zagrożenia i stanowią wyzwanie dla architektów systemów bezpieczeństwa. Eksperci są zdania, że problemy z bezpieczeństwem IT sprzed lat powracają obecnie w nowych urządzeniach i dają hakerom wiele możliwości do cyberataków. Celem artykułu jest przybliżenie koncepcji Internetu rzeczy, obszarów jej zastosowań, ale przede wszystkim identyfikacja zagrożeń wynikających z zastosowań tej koncepcji. Artykuł zawiera również przegląd przypadków użycia Internetu rzeczy w obszarze produkcji, opis zagrożeń dla cyberbezpieczeństwa wynikających z poszerzania dostępu do sieci nowych urządzeń, a także przegląd istniejących zabezpieczeń w tej dziedzinie.

Wirtualizacja zasobów informatycznych organizacji. Analiza korzyści i wybranych programowych narzędzi wirtualizacyjnych

Streszczenie: Wirtualizacja została szybko zaadaptowana przez współczesne organizacje, gdyż oferu... more Streszczenie: Wirtualizacja została szybko zaadaptowana przez współczesne organizacje, gdyż oferuje wiele korzyści. Dzięki niej można uprościć istniejące środowisko IT, two-rząc przy tym dynamiczniejsze i bardziej elastyczne centrum przetwarzania danych o wysokim poziomie bezpieczeństwa, przy jednoczesnym obniżeniu nakładów inwesty-cyjnych oraz kosztów operacyjnych. Systemy do wirtualizacji są wciąż udoskonalane, zwiększane jest spektrum ich możliwości, co przyczynia się do coraz większego zaintere-sowania tymi rozwiązaniami. Obecnie na rynku istnieje wiele rozwiązań programowych wspomagających procesy wirtualizacji, które różnią się między sobą pod wieloma wzglę-dami. Celem artykułu jest przedstawienie istoty, podstawowych typów wirtualizacji, jej zastosowań i korzyści oraz popularnych systemów wirtualizacyjnych stosowanych w praktyce. Zastosowane metody badawcze to przegląd aktualnej literatury przedmiotu, analiza istniejących badań i wybranych przypadków zastosowań wirtualizacji oraz analiza przydatności wdrożenia omawianej technologii w praktyce. Wprowadzenie Różne organizacje badawcze zajmujące się analizą rynku IT publikują opraco-wania, w których określają trendy w branży nowoczesnych technologii na najbliż-sze lata. W raportach tych coraz modniejsze staje się pojęcie " disruptive innovation " , które określa nowe technologie mające szansę zmienić sposób funkcjono-wania organizacji, zmieniając diametralnie dotychczasowy porządek ekonomiczny. Wśród tych trendów w obszarze IT aktualnie wymienia się m.in. sztuczną inteli-gencję, uczenie maszynowe, technologie chmurowe i związaną z nimi wirtualizację zasobów informatycznych, Internet rzeczy, technologię blockchain oraz adaptacyj-ne architektury związane z cyberbezpieczeństwem. Niezmiennie od kilku lat wśród tych zestawień ważne miejsce zajmują platformy chmurowe oraz wirtualizacja zasobów. Technologia ta ma aktualnie coraz więcej różnorodnych zastosowań. Przynosi ona wymierne korzyści w zakresie organizacji IT, dlatego też szybko wchodzi do powszechnego użytku.

Bezpieczeństwo jako najważniejsze wyzwanie koncepcji Internetu rzeczy

The Internet of Things (IoT) is based on constant technological progress and is associated with t... more The Internet of Things (IoT) is based on constant technological progress and is associated with the existence of the global network connecting multiple devices and sensors that can independently exchange data. It is expected that IoT will find many applications in various fields of services and businesses, including power engineering, transport, industry, logistics, healthcare and IT sector. According to Gartner forecasts there will be 26 billion devices connected to the Internet in 2020, which means a huge increase of amount of data that will have to be stored and processed. IoT improves our lives, but also brings new threats and is a significant challenge for architects of security systems. Data privacy problems, weaknesses in the authorization and authentication systems, unsecured Web interfaces, software errors are the most common threats and vulnerabilities. In many devices, there is a lack of implemented security mechanisms that are able to mitigate existing vulnerabilities and prevent common threats. The aim of the article is to introduce the IoT and its applications, but most of all to identify and analyze the threats resulting from the Internet access of new devices.

Artificial Intelligence in Cybersecurity: The Use of AI Along the Cyber Kill Chain

The current challenge with defense against cyberattacks is that the speed and quantity of threats... more The current challenge with defense against cyberattacks is that the speed and quantity of threats often outpace human-centered cyber defense capabilities. That is why a new Artificial Intelligence driven approach may enhance the effectiveness of security controls. However, it can also be used by adversaries to create more sophisticated and adaptable attack mechanisms. Distinguishing three key AI capabilities (knowledge acquisition, human-like perception and decision making), the goal of this paper is to assert where within the cyber kill chain have AI capabilities already been applied, and which phase holds the greatest near-term potential given recent developments and publications. Based on literature review, authors see the strongest potential for deploying AI capabilities during the reconnaissance, intrusion, privilege escalation and data exfiltration steps of the cyber kill chain with other uses being deployed in the remaining steps.

Along with the increasing globalization and development of information and communication technolo... more Along with the increasing globalization and development of information and communication technology, business models are changing, and thus the need for innovative knowledge management is growing. Current knowledge management systems very often are not used optimally/effectively for decision-making because of the lack of real-time data. This article draws attention to the current trend in the area of organization management and IT management related to the emergence and growing popularity of the Internet of Things. The authors try to assess the potential of IoT in the context of improving knowledge processes (locating, acquiring, using, sharing and disseminating as well as preserving / coding / archiving / collecting), especially acquiring and sharing data and determining IoT impact on knowledge management and learning of the organization. The possible positive effects of implementing IoT in enterprises of various types, as well as threats and challenges that must be met by organiza...

Data Quality Management in ERP Systems - Accounting Case

Cloud computing jako nowy model biznesu : korzyści, zagrożenia i wyzwania dla zarządzania

Podejście ilościowe i jakościowe w analizie ryzyka informatycznego w małych i średnich przedsiębiorstwach

— IT risk management currently plays more and more important role in almost all aspects of contem... more — IT risk management currently plays more and more important role in almost all aspects of contemporary organizations ’ functionality. It requires reliable and cyclical realization of its key task which is risk analysis. Literature of subject presents problems of risk analysis in different way, the most often skipped or selectively treated the problem of quantitative methods application for the purpose of risk analysis. The article presents the issue of one of the most significant stages of risk analysis which is IT risk assessment, especially focusing on chosen quantitative methods such as ALE (Annual Loss Expected) method, Courtney method, Fisher’s method, using survey research ISRAM model (Information Security Risk Analysis Method) and other derived ratios. There were also shortly presented chosen qualitative methods – FMEA (Failure Mode and Effects Analysis) and FMECA (Failure Mode and Effects Criticality Analysis), NIST SP 800-30 method and CRAMM methodology. Index Terms — IT r...

Proceedings of the 21st International Conference on Enterprise Information Systems, 2019

The purpose of this paper is to propose a proprietary methodology and model to generate a "cybers... more The purpose of this paper is to propose a proprietary methodology and model to generate a "cybersecurity transformation workplan" for large organizations that can improve their cybersecurity posture. The key input is based on risk-based assessment or maturity-based questionnaires depending on existing governance processes and available information. The original scoring can be then used to prioritize a portfolio of all possible initiatives by selecting the ones that are missing from typical foundation elements or would have high potential impact in relation to required investment and effort. Additional constraints such as budget limitation and FTE availability, logical sequencing and time requirements could be added to ensure effective use of company resources and actionability of the recommendations. The Gantt-like output would ease the burden on the security teams by providing an individualized set of activities to be implemented to improve risk posture.

Annals of Computer Science and Information Systems, 2018

Along with the increasing globalization and development of information and communication technolo... more Along with the increasing globalization and development of information and communication technology, business models are changing, and thus the need for innovative knowledge management is growing. Current knowledge management systems very often are not used optimally/effectively for decision-making because of the lack of real-time data. This article draws attention to the current trend in the area of organization management and IT management related to the emergence and growing popularity of the Internet of Things. The authors try to assess the potential of IoT in the context of improving knowledge processes (locating, acquiring, using, sharing and disseminating as well as preserving / coding / archiving / collecting), especially acquiring and sharing data and determining IoT impact on knowledge management and learning of the organization. The possible positive effects of implementing IoT in enterprises of various types, as well as threats and challenges that must be met by organizations that care about increasing their competitive position using IoT will be presented.

Communication Papers of the 2018 Federated Conference on Computer Science and Information Systems, 2018

attraction of investments into the electric power industry is complicated by a number of problems... more attraction of investments into the electric power industry is complicated by a number of problems related to the long payback period and instability of the conditions on the market. Investors in the electric power industry must invest huge sums of money and hope for maintaining high demand and prices in the future in order to get a payback from the project. Decentralized investment distributes risks and allows you to raise a sufficient profit. In the paper Authors will consider the possibility of using distributed register systems to involve potential energy consumers in investing in the construction of generating facilities with a certain amount of energy at a reduced price in the future. In addition, the blockchain system allows to solve problems of the electric power market: simplify and make more flexible maintenance of transactions, automate trade settlements, reduce the risks of non-fulfillment of obligations. In turn, the improved interaction environment of market participants will make the market more stable, which will increase the investment attractiveness of the industry.

Wybrane determinanty rozwoju rynku rynku informatycznego w Polsce

Towards Industry 4.0: Functional and Technological Basis for ERP 4.0 Systems

Towards Industry 4.0 — Current Challenges in Information Systems, 2020

In the Industry 4.0 conception, due to the development of new information technologies and their ... more In the Industry 4.0 conception, due to the development of new information technologies and their implementation in management systems, there are developed systems with extended functionalities, new functional features and new technologies such as, for example, the Internet of Things, fog computing, big data, big management. These are ERP 4.0 systems. They increase the scope of automation and even robotize information processes, they are also able to transform information into knowledge, which increases the efficiency of decision-making processes and thus increases the efficiency of enterprises and organizations. The main aim of the chapter is to identify and discuss the features in the newly emerging ERP 4.0 system and also to analyze and classify the main contributions published on the topic of ERP 4.0 in management literature, seeking to give it a unique definition, discover the gaps still remaining in literature and outline future avenues of research in this domain. The main contribution of the chapter is developing the guidelines for structural and technological development of ERP-class systems, with particular emphasis on technological solutions of the ERP 4.0 system, such as cognitive technologies, big data, the Internet of Things, cloud computing and fog computing. The Authors attempts also to formulate a unique definition and features of the ERP system and outline future research directions in this area.

Proceedings of the 4th International Conference on Information and Communication Technologies for Ageing Well and e-Health, 2018

One of the key challenges for the next several years is to face, especially in highly developed c... more One of the key challenges for the next several years is to face, especially in highly developed countries, the problem of aging and its impact on the general quality of citizens' life. Due to this trend, the Authors have presented a concept of ICT platform aimed at increasing the activity of people at retirement age. It is dedicated to members of local communities, can be used to support entrepreneurship, self-fulfilment and activation in the field of independent social life. During the realization of the project, the Authors have noticed the different business requirements of senior citizens. They were described in the article together with respective technological innovations which were implemented in the ActGo-Gate platform as an answer to these challenges and requirements.

Position Papers of the 2017 Federated Conference on Computer Science and Information Systems, 2017

According to Kaspersky Lab research, APT -Advanced Persistent Threatsare one of the biggest threa... more According to Kaspersky Lab research, APT -Advanced Persistent Threatsare one of the biggest threats in IT as of 2016. Organised groups, keeping contact in various languages, have attacked the IT systems of financial institutions, government, military and diplomatic agencies, telecom and power supply companies, politicians and activists, and private companies, and these attacks were global in scope. APT should be seen as a complex phenomenon, an existing danger to companies, organisations and public entities. This article showcases the problem of APT, the biggest threats related to them, and chosen methods and tools that can be effectively used to counter APT attacks. An effective, multilayered defence model is outlined in the article as well.

Communication Papers of the 2018 Federated Conference on Computer Science and Information Systems, 2018

The problem of implementing modern technologies into the electric power industry is quite relevan... more The problem of implementing modern technologies into the electric power industry is quite relevant in the world. The article considers the models of decentralized platforms providing services for energy distribution and trade, their main advantages and disadvantages. The basic principles of tokenization were developed, which allow optimizing of the energy systems and concentration of the crowd funding process for the construction of new generation facilities.

Applied Sciences, 2021

This paper discusses the problem of retailers’ profit maximization regarding displaying products ... more This paper discusses the problem of retailers’ profit maximization regarding displaying products on the planogram shelves, which may have different dimensions in each store but allocate the same product sets. We develop a mathematical model and a genetic algorithm for solving the shelf space allocation problem with the criteria of retailers’ profit maximization. The implemented program executes in a reasonable time. The quality of the genetic algorithm has been evaluated using the CPLEX solver. We determine four groups of constraints for the products that should be allocated on a shelf: shelf constraints, shelf type constraints, product constraints, and virtual segment constraints. The validity of the developed genetic algorithm has been checked on 25 retailing test cases. Computational results prove that the proposed approach allows for obtaining efficient results in short running time, and the developed complex shelf space allocation model, which considers multiple attributes of a...

Software Quality Improvement by Application of a Component-Based Software Meta-Architecture

Designing software is a complex process which requires a lot of knowledge and experience. Every s... more Designing software is a complex process which requires a lot of knowledge and experience. Every software has a high-level architecture which can be represented as a set of taken design decisions. Software meta-architectures, architectural styles, and reference models are commonly used tools which help to shape the software architectures by delivering sets of already taken, and validated design decisions. The STCBMER is a component-based software meta-architecture founded on a set of simple pieces of architectural knowledge, called architectural principles. The authors of this publication have defined the STCBMER and its principles in previous works. The main aim and the contribution of this paper is to look for a correlation between a component-based software meta-architecture (STCBMER) and software quality attributes.

Bezpieczeństwo Internetu rzeczy. Wybrane zagrożenia i sposoby zabezpieczeń na przykładzie systemów produkcyjnych

Streszczenie: W opinii wielu ekspertów oraz firm analitycznych zagadnienia takie jak cyfryzacja, ... more Streszczenie: W opinii wielu ekspertów oraz firm analitycznych zagadnienia takie jak cyfryzacja, bezpieczeństwo IT oraz Internet rzeczy to zjawiska, które wyznaczały kierunek rozwoju poszczególnym branżom gospodarki w minionym roku i będą szczególnie istotne w przyszłości. Wśród nich znajduje się Internet rzeczy, wobec którego oczekuje się, że znajdzie wiele zastosowań w różnych dziedzinach, m.in. w energetyce, transporcie, przemyśle, opiece zdrowotnej. Jego zastosowania usprawniają nasze życie, ale stwarzają też nowe zagrożenia i stanowią wyzwanie dla architektów systemów bezpieczeństwa. Eksperci są zdania, że problemy z bezpieczeństwem IT sprzed lat powracają obecnie w nowych urządzeniach i dają hakerom wiele możliwości do cyberataków. Celem artykułu jest przybliżenie koncepcji Internetu rzeczy, obszarów jej zastosowań, ale przede wszystkim identyfikacja zagrożeń wynikających z zastosowań tej koncepcji. Artykuł zawiera również przegląd przypadków użycia Internetu rzeczy w obszarze produkcji, opis zagrożeń dla cyberbezpieczeństwa wynikających z poszerzania dostępu do sieci nowych urządzeń, a także przegląd istniejących zabezpieczeń w tej dziedzinie.

Wirtualizacja zasobów informatycznych organizacji. Analiza korzyści i wybranych programowych narzędzi wirtualizacyjnych

Streszczenie: Wirtualizacja została szybko zaadaptowana przez współczesne organizacje, gdyż oferu... more Streszczenie: Wirtualizacja została szybko zaadaptowana przez współczesne organizacje, gdyż oferuje wiele korzyści. Dzięki niej można uprościć istniejące środowisko IT, two-rząc przy tym dynamiczniejsze i bardziej elastyczne centrum przetwarzania danych o wysokim poziomie bezpieczeństwa, przy jednoczesnym obniżeniu nakładów inwesty-cyjnych oraz kosztów operacyjnych. Systemy do wirtualizacji są wciąż udoskonalane, zwiększane jest spektrum ich możliwości, co przyczynia się do coraz większego zaintere-sowania tymi rozwiązaniami. Obecnie na rynku istnieje wiele rozwiązań programowych wspomagających procesy wirtualizacji, które różnią się między sobą pod wieloma wzglę-dami. Celem artykułu jest przedstawienie istoty, podstawowych typów wirtualizacji, jej zastosowań i korzyści oraz popularnych systemów wirtualizacyjnych stosowanych w praktyce. Zastosowane metody badawcze to przegląd aktualnej literatury przedmiotu, analiza istniejących badań i wybranych przypadków zastosowań wirtualizacji oraz analiza przydatności wdrożenia omawianej technologii w praktyce. Wprowadzenie Różne organizacje badawcze zajmujące się analizą rynku IT publikują opraco-wania, w których określają trendy w branży nowoczesnych technologii na najbliż-sze lata. W raportach tych coraz modniejsze staje się pojęcie " disruptive innovation " , które określa nowe technologie mające szansę zmienić sposób funkcjono-wania organizacji, zmieniając diametralnie dotychczasowy porządek ekonomiczny. Wśród tych trendów w obszarze IT aktualnie wymienia się m.in. sztuczną inteli-gencję, uczenie maszynowe, technologie chmurowe i związaną z nimi wirtualizację zasobów informatycznych, Internet rzeczy, technologię blockchain oraz adaptacyj-ne architektury związane z cyberbezpieczeństwem. Niezmiennie od kilku lat wśród tych zestawień ważne miejsce zajmują platformy chmurowe oraz wirtualizacja zasobów. Technologia ta ma aktualnie coraz więcej różnorodnych zastosowań. Przynosi ona wymierne korzyści w zakresie organizacji IT, dlatego też szybko wchodzi do powszechnego użytku.

Bezpieczeństwo jako najważniejsze wyzwanie koncepcji Internetu rzeczy

The Internet of Things (IoT) is based on constant technological progress and is associated with t... more The Internet of Things (IoT) is based on constant technological progress and is associated with the existence of the global network connecting multiple devices and sensors that can independently exchange data. It is expected that IoT will find many applications in various fields of services and businesses, including power engineering, transport, industry, logistics, healthcare and IT sector. According to Gartner forecasts there will be 26 billion devices connected to the Internet in 2020, which means a huge increase of amount of data that will have to be stored and processed. IoT improves our lives, but also brings new threats and is a significant challenge for architects of security systems. Data privacy problems, weaknesses in the authorization and authentication systems, unsecured Web interfaces, software errors are the most common threats and vulnerabilities. In many devices, there is a lack of implemented security mechanisms that are able to mitigate existing vulnerabilities and prevent common threats. The aim of the article is to introduce the IoT and its applications, but most of all to identify and analyze the threats resulting from the Internet access of new devices.

Artificial Intelligence in Cybersecurity: The Use of AI Along the Cyber Kill Chain

The current challenge with defense against cyberattacks is that the speed and quantity of threats... more The current challenge with defense against cyberattacks is that the speed and quantity of threats often outpace human-centered cyber defense capabilities. That is why a new Artificial Intelligence driven approach may enhance the effectiveness of security controls. However, it can also be used by adversaries to create more sophisticated and adaptable attack mechanisms. Distinguishing three key AI capabilities (knowledge acquisition, human-like perception and decision making), the goal of this paper is to assert where within the cyber kill chain have AI capabilities already been applied, and which phase holds the greatest near-term potential given recent developments and publications. Based on literature review, authors see the strongest potential for deploying AI capabilities during the reconnaissance, intrusion, privilege escalation and data exfiltration steps of the cyber kill chain with other uses being deployed in the remaining steps.

Along with the increasing globalization and development of information and communication technolo... more Along with the increasing globalization and development of information and communication technology, business models are changing, and thus the need for innovative knowledge management is growing. Current knowledge management systems very often are not used optimally/effectively for decision-making because of the lack of real-time data. This article draws attention to the current trend in the area of organization management and IT management related to the emergence and growing popularity of the Internet of Things. The authors try to assess the potential of IoT in the context of improving knowledge processes (locating, acquiring, using, sharing and disseminating as well as preserving / coding / archiving / collecting), especially acquiring and sharing data and determining IoT impact on knowledge management and learning of the organization. The possible positive effects of implementing IoT in enterprises of various types, as well as threats and challenges that must be met by organiza...

Data Quality Management in ERP Systems - Accounting Case

Cloud computing jako nowy model biznesu : korzyści, zagrożenia i wyzwania dla zarządzania

Podejście ilościowe i jakościowe w analizie ryzyka informatycznego w małych i średnich przedsiębiorstwach